Subgraph OS was designed from the ground-up to reduce the risks in endpoint systems so that individuals and organizations around the world can communicate, share, and collaborate without fear of surveillance or interference by sophisticated adversaries through network borne attacks.

Subgraph OS is designed to be difficult to attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on the integrity of installable software packages.

Given that they're based in Canada, which is in the Five Eyes, I see no reason to treat this company as any less potentially compromised than one based in Cheltenham, 100 yards from GCHQ, with whom they share a postbox, milkman and lots of curious WiFi interference.

How does using this repackaged Linux distro provide anything other than a sense of false security?